STEGANOGRAPHY Security by obscurity


What is Steganography?

Greek “Concealed Writing”

Steganography – the science of hiding a message so that only the recipient and sender are aware that a message exists.

TERMS:

Payload – message to be hidden and sent

Carrier – overlying message to conceal the payload

Channel – type of message the carrier is (e.g. slave, JPEG, WAV)

Package – carrier containing payload

Suspect – intercepted message which is thought to have a payload

Physical Steganography

Wax tablets – print message on underlying wood, cover in wax and write false message

Shaved Slaves – shave a slave, tattoo a message, send him out once hair grows back

Invisible Ink – write a message in lemon juice in between lines of a phony message, recipient heats to reveal the secret message.

Morse Code Yarn – create a length of yarn such that there is a Morse code message in the colors of the yarn, weave it into some booties and send them as a gift.

Digital Noise

When an analog signal is converted into digital, there can be “noise” which causes a small corruption of some data. Think of a tape player hissing when no noise had been recorded.

When a camera takes a picture, there are minute variations in the data after being converted even if all variables of the picture being taken were the same.

What if we took this random, corrupted data and replaced it with something meaningful?

As long as an interceptor does not know where to look, and assumes this noise is just noise, our message is kept secret.

Digital Steganography List

1. Hiding in pictures and video

2. Watermarking

3. Blog Steganography

4. CAPTCHA

5. Bacon’s Cipher

Hiding in Pictures

Pictures are represented in your computer as a header and zounds of RGB values.

- 24 bit color means 2^8 shades of each color.

- Human eye cannot tell the difference between shade of 11111111 and 11111110, so why not omit this last bit of information, and insert something sneaky?

- ASCII characters are numbered 0-127 and each is stored in 8 bits. If we drop the low order bit of each of the three colors in every pixel, three pixels give us 9 spare bits, so we can insert an ASCII character every 3 pixels!

- To insert a message like “Sneaky Hello World!” (19 characters) we would only need 19x3 or 57 pixels of picture. The bigger the picture, the bigger the message you can hide without it being noticeable!

- Note that it does not have to be an ASCII message! We can hide anything that can be represented in binary (which, according to Claude Shannon, is everything) inside of a picture.
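The low-order-bit scheme described above, as an added example that is not part of the original slides: it packs one 8-bit character into the low bits of three RGB pixels and reads it back. The pixel list is constructed sample data, and the function names and the assumption that the recipient already knows the message length are this example's own.

```python
# Constructed sample carrier: 57 RGB pixels (a synthetic gradient, not a real photo).
CARRIER = [((7 * i) % 256, (13 * i + 40) % 256, (29 * i + 90) % 256)
           for i in range(57)]
MESSAGE = "Sneaky Hello World!"  # 19 characters -> 19 x 3 = 57 pixels


def embed(pixels, message):
    """Return a copy of pixels with message hidden in the low-order bits."""
    data = message.encode("ascii")
    if len(data) * 3 > len(pixels):
        raise ValueError("carrier too small: need 3 pixels per character")
    out = list(pixels)
    for i, byte in enumerate(data):
        # Flatten 3 pixels into 9 channel values; only the first 8 carry data.
        chans = [c for px in pixels[3 * i:3 * i + 3] for c in px]
        for k in range(8):
            bit = (byte >> (7 - k)) & 1          # most significant bit first
            chans[k] = (chans[k] & 0xFE) | bit   # overwrite the low-order bit
        out[3 * i:3 * i + 3] = [tuple(chans[j:j + 3]) for j in (0, 3, 6)]
    return out


def extract(pixels, n_chars):
    """Read n_chars characters back out of the low-order bits."""
    chars = []
    for i in range(n_chars):
        chans = [c for px in pixels[3 * i:3 * i + 3] for c in px]
        byte = 0
        for c in chans[:8]:
            byte = (byte << 1) | (c & 1)
        chars.append(chr(byte))
    return "".join(chars)


def max_channel_change(before, after):
    """Largest per-channel difference between two pixel lists."""
    return max(abs(x - y) for p, q in zip(before, after) for x, y in zip(p, q))


PACKAGE = embed(CARRIER, MESSAGE)
if __name__ == "__main__":
    print(extract(PACKAGE, len(MESSAGE)))
    print("max channel change:", max_channel_change(CARRIER, PACKAGE))
```

Every channel of the package differs from the carrier by at most one shade, which is why the change is invisible to the eye but trivially readable by a program that knows where to look.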

Hiding in Pictures Example

This is a normal cake picture. This is a cake picture that has “SNEAKY HELLO WORLD” embedded in it.

Can you tell the difference? A computer could, if it knew where to look.

Hiding in Video

A video is simply a rapid succession of pictures being displayed.

If we can hide long messages in a picture, imagine what we could hide in a two hour long movie with ~30 frames per second!

-OR -

Subliminal Message – pictures inserted into a frame of video. Your brain recognizes the image, but you are not consciously aware of it.

If the video were slowed down, you would have the time to recognize this image consciously. As long as the video remains at normal speed, the message remains hidden.

You can also retrieve information by speeding up the video, if it was hidden for such purpose. Think of flip books where each page has a small amount of information, and they converge into a full picture when viewed rapidly.

Watermarks

Watermark – embedded message containing the source of the object

Currency – if you hold a $50 bill to the light, you can see bands of text that appear to be *inside* the paper. These bands make it extremely difficult to counterfeit the bills.

Printers – tiny yellow dots are printed on the bottom of pages. They can contain anything including the serial number of the printer, the user who printed the page, and a timestamp.

Dots seen through a microscope:

CAPTCHA

Completely Automated Public Turing test to tell Computers and Humans Apart

Why is this Steganography? It hides information from computers, but not from (most) humans.

Bacon Cipher

1. Translate payload into As and Bs using Baconian Alphabet

2. Two typefaces (fonts) must be chosen

3. Construct a carrier message with the same length as the payload

4. Use typeface1 for A and typeface2 for B

5. Transmit

A    AAAAA    G    AABBA    N    ABBAA    T    BAABA

B    AAAAB    H    AABBB    O    ABBAB    U-V  BAABB

C    AAABA    I-J  ABAAA    P    ABBBA    W    BABAA

D    AAABB    K    ABAAB    Q    ABBBB    X    BABAB

E    AABAA    L    ABABA    R    BAAAA    Y    BABBA

F    AABAB    M    ABABB    S    BAAAB    Z    BABBB

Bacon Cipher Example

Payload = “ATTACK AT DAWN”

Font1 (A) = Bold

Font2 (B) = Regular

Translated payload = “AAAAA BAABA BAABA AAAAA AAABA ABAAB AAAAA BAABA AAABB AAAAA BABAA ABBAA”, length = 12x5 = 60 characters

Carrier: “Hello Mr. Honeydew, how are you holding up after your operation? Let me know.”

Package: “Hello Mr. Honeydew, how are you holding up after your operation? Let me know.”
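The five steps and the example above, worked through in code as an added example that is not part of the original slides. Plain text cannot carry bold, so this sketch assumes upper case stands in for Font1 (A) and lower case for Font2 (B); the function names are this example's own.

```python
# 24-code Baconian alphabet from the table above; I/J and U/V share a code.
LETTERS = "ABCDEFGHIKLMNOPQRSTUWXYZ"
CODES = {ch: format(i, "05b").replace("0", "A").replace("1", "B")
         for i, ch in enumerate(LETTERS)}
CODES["J"], CODES["V"] = CODES["I"], CODES["U"]
DECODE = {CODES[ch]: ch for ch in LETTERS}

# Carrier and payload are the ones used in the example above.
CARRIER = ("Hello Mr. Honeydew, how are you holding up after your "
           "operation? Let me know.")
PAYLOAD = "ATTACK AT DAWN"


def translate(payload):
    """Step 1: payload letters -> string of As and Bs (spaces are dropped)."""
    return "".join(CODES[c] for c in payload.upper() if c in CODES)


def hide(carrier, payload):
    """Steps 3-4: style each carrier letter by the matching A/B symbol."""
    code = translate(payload)
    n_letters = sum(c.isalpha() for c in carrier)
    if n_letters != len(code):
        raise ValueError(f"carrier has {n_letters} letters, need {len(code)}")
    symbols = iter(code)
    # Assumption: upper case = typeface1 (A), lower case = typeface2 (B).
    return "".join(
        (c.upper() if next(symbols) == "A" else c.lower()) if c.isalpha() else c
        for c in carrier)


def reveal(package):
    """Recipient side: read the typeface of each letter, decode 5 at a time."""
    code = "".join("A" if c.isupper() else "B" for c in package if c.isalpha())
    return "".join(DECODE[code[i:i + 5]] for i in range(0, len(code), 5))


if __name__ == "__main__":
    package = hide(CARRIER, PAYLOAD)
    print(package)
    print(reveal(package))
```

Because I/J and U/V share codes, the recipient recovers I and U for those pairs, and word spacing in the payload is not transmitted.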
